Openidconnect issue under IIS 8
Jan 28, 2020 10:29 PM|shwelch|LINK
I have configured a .NET Core 3.1 MVC website to use OpenID Connect and Microsoft Azure Tenant authentication. Everything works perfectly in IIS Express and also running it directly on Kestrel server and going to the localhost:<port>. When I attempt to publish it on my IIS server (and also locally under IIS), it takes me to the Microsoft login as it should, but when it jumps back to the callback path /signin-oidc, it gives a 404 error.
This localhost page can’t be found. No webpage was found for the web address: https://localhost/contracts/signin-oidc
HTTP ERROR 404
I realize IIS is acting as a proxy to Kestrel, and it seems as if it is not allowing the /signin-oidc to make its way to the Kestrel server under IIS.
Am I missing something that needs to be set up differently under IIS as opposed to IIS Express and running directly from Kestrel?
I appreciate any assistance. I have attempted the following to fix:
1. Set up the app on IIS under a virtual web (as an app) and also published directly to the default web site root.
2. Attempted OutOfProcess instead of InProcess.
3. Added CORS configuration thinking it may be related to that.
Relevant:

    services.AddAuthentication(auth =>
    {
        // Cookies hold the local session; OpenID Connect handles the challenge.
        auth.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        auth.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    }).AddOpenIdConnect(options =>
    {
        options.ClientId = Configuration["AzureAd:ClientId"];
        options.ClientSecret = Configuration["AzureAd:ClientSecret"];
        options.RemoteAuthenticationTimeout = TimeSpan.FromSeconds(220);
        options.Authority = "https://login.microsoftonline.com/<tenant ID>/v2.0/";
        options.ResponseType = "code";
        options.Scope.Add("profile");
        options.Scope.Add("email");
        options.TokenValidationParameters = new TokenValidationParameters
        {
            // Issuer validation is turned off in this configuration.
            ValidateIssuer = false,
            NameClaimType = ClaimTypes.Name
        };
        // Path the identity provider redirects back to, relative to the app's base path.
        options.CallbackPath = "/signin-oidc";
        // The posted excerpt ends here; the closing braces are added so the snippet is well-formed.
    });

AND

    app.UseAuthentication();
    app.UseCookiePolicy();
    app.UseHttpsRedirection();
    app.UseStaticFiles();
    app.UseRouting();
    app.UseAuthorization();
    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllerRoute("default", "{controller=Home}/{action=Index}/{id?}");
        endpoints.MapRazorPages();
    });
Re: Openidconnect issue under IIS 8
Jan 28, 2020 10:55 PM|shwelch|LINK
Well, after digging some more, this was a permissions issue that I didn't realize existed. Disregard!